Why Wifi and Privacy don’t fit together

Hi everyone,

If you read me regularly, you know what a fervent supporter of privacy I am. Sometimes I even turn myself into a genuine government agent and go as far as possible in investigating and finding out those responsible for general mass attacks (here) or, more recently, attacks targeting a precise profile of users (there).

As you may guess from the title of this post, this time we are not going to visit the confines of Russia or China to investigate dark individuals. Nope, I suggest instead that you take a look at the threats hanging over us, or should I say in your house! Yep, in your house, right now, or even at your workplace.

[GIF: the reaction of many readers at this point in the post]

Indeed, with all these cases of mass espionage and high-level hacking, there is IMHO too much of a tendency to neglect or even forget the risks of sending our emails, our bank codes, our passwords or, in one word, our data over the air. There are of course many so-called “wireless” protocols that allow us to send data over the air (Bluetooth, GSM, ZigBee, NFC, …). Today we will focus on one of the most used; you may have already guessed it, and it’s in the title of this post (coincidence?): WI-FI!


A bit of history

Wi-Fi is a set of standards for wireless networks developed by the Institute of Electrical and Electronics Engineers (IEEE 802). Its first standard was published in 1997 and allowed exchanges at a theoretical speed of 2 Mbit/s (very slow nowadays). The set was enhanced in 1999 with the publication of the IEEE 802.11a and 802.11b standards, which increased the theoretical throughput to 54 Mbit/s and added a privacy protection system: the famous WEP (Wired Equivalent Privacy).

For Wi-Fi, it was the very first system to protect users against hackers. Except that, firstly, WEP was optional, and therefore a lot of people simply disregarded it. Secondly, in short, WEP used an encryption algorithm that was robust for its time. The thing is, we saw about 10 seconds ago that performance had been increased by ×27 between 1997 and 1999. You understand, then, that it did not take long before the encryption used by WEP could be broken. For the cryptoaholics, the culprit in all of this was the RC4 algorithm, which today breaks in less than ten seconds.

To replace WEP, WPA was designed in 2003, and it is still widely used today. That’s why, if you check your phone for Wi-Fi networks, you should find a large number of WPA networks, possibly in a variant such as WPA2 or WPA3, with a suffix “Company”, “PSK” or “TKIP”.

[GIF: this one is a good one 🤭]

WPA in a few numbers

Of course, WPA was not spared by vulnerabilities. But a little research on our beloved Wikipedia didn’t reveal just a couple of flaws as with WEP, but:

9 flaws

Just that! But wait, this isn’t the worst part. Indeed, a few dozen known vulnerabilities in one of the most used protocols of the 21st century isn’t a bad sign but a pretty good one, because it means that the publisher is aware of these flaws. To protect their customers, publishers can release a patch or even a workaround so that the device can still be used safely until the patched version is released.

The real problem with WPA is that there is no versioning at all. Basically, when WPA version 1.0 is released and, unfortunately (or fortunately?), some flaws come to light in the meantime, these flaws are not patched immediately in a “WPA version 1.1 patch”. No, no, no, and here is the worst part! When flaws are found, for example, in version 1.0, it is necessary to wait for the second version, “WPA2”, to hope to see them patched. If it’s reassuring for some people to see vulnerabilities patched within a year from WPA to WPA2, how about waiting for:

14 YEARS!!!

Yep, between WPA2 and WPA3 there are 14 years 🤠! But it’s even funnier than that, because most Wi-Fi vendors haven’t even implemented an UPDATE function on their devices. We could almost believe that they were not even expecting a third WPA standard 🤠! It’s a NO-NO, even for those big companies whose chips everyone uses without knowing it. Well, you have to believe that it is quite normal today to drive a 14-year-old car whose brakes we know can actually break at any time!

[GIF: YOLO, as we say 🤠]

Did you know?

Do you know the principle of “Did you know?”? Usually, I don’t say no, but with Wi-Fi, we will have a good time, I can guarantee it!

Did you know?

If you can see some SSIDs (the names of Wi-Fi networks, e.g. FBI Surveillance), it also means that you are actually receiving the network packets of the different devices connected to those networks. As each packet contains a header indicating which network it belongs to, we can determine how many devices are connected to a network. Another important field is also indicated: the MAC address, which is defined by the manufacturer of the device. This means that even without being authenticated to the network, I can know exactly which and how many devices are connected to it. Hell yeah! Enjoy your privacy in 2019 🤠!
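What this means at the byte level, as an added example (not code from the original post): a Python parser for the fixed 802.11 data-frame header, run over constructed sample frames, showing that the network identifier (BSSID) and the device MAC stay readable even when the Protected Frame bit says the payload is encrypted. The frames, MAC addresses and function names are assumptions made for the illustration; the parser also flags locally administered (randomized) MACs, the mechanism devices use to avoid exposing the manufacturer-assigned address.

```python
from collections import defaultdict

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_data_header(frame):
    """Return the 802.11 data-frame header fields that are never encrypted."""
    if len(frame) < 24:
        return None                      # shorter than the fixed MAC header
    fc0, flags = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != 2:
        return None                      # type 2 = data; skip beacons etc.
    to_ds, from_ds = bool(flags & 0x01), bool(flags & 0x02)
    addr1, addr2 = frame[4:10], frame[10:16]
    if to_ds and not from_ds:            # station -> access point
        bssid, station = addr1, addr2
    elif from_ds and not to_ds:          # access point -> station
        bssid, station = addr2, addr1
    else:
        return None                      # ad hoc / WDS not handled here
    if station[0] & 0x01:
        return None                      # broadcast/multicast is not a device
    return {
        "bssid": mac(bssid),
        "station": mac(station),
        "payload_encrypted": bool(flags & 0x40),   # Protected Frame bit
        # locally administered bit set: randomized, not the vendor-assigned MAC
        "randomized_mac": bool(station[0] & 0x02),
    }

def stations_per_network(frames):
    seen = defaultdict(set)
    for frame in frames:
        header = parse_data_header(frame)
        if header:
            seen[header["bssid"]].add(header["station"])
    return {bssid: sorted(stas) for bssid, stas in seen.items()}

def build_frame(fc0, flags, a1, a2, a3):
    """Constructed sample frame: header plus 4 bytes standing in for ciphertext."""
    return bytes([fc0, flags, 0, 0]) + bytes.fromhex(a1 + a2 + a3) + bytes(2) + b"\x9c\x41\x07\xe2"

AP, STA1, STA2 = "00005e005301", "00005e005310", "da005e005320"  # constructed
SAMPLE_FRAMES = [
    build_frame(0x08, 0x41, AP, STA1, AP),              # STA1 -> AP, encrypted
    build_frame(0x08, 0x42, STA2, AP, AP),              # AP -> STA2, encrypted
    build_frame(0x08, 0x42, "ffffffffffff", AP, AP),    # broadcast from the AP
    build_frame(0x80, 0x00, "ffffffffffff", AP, AP),    # beacon (management)
]
```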


Did you know?

Wi-Fi implements a function to deauthenticate all users on a network, quite useful if you want to annoy your whole neighborhood!


Did you know?

On public Wi-Fi networks, everyone has access to everyone’s data, so if you are enjoying a tasty Happy Meal at a well-known restaurant and for any reason you connect to your Minecraft server over FTP, the Wi-Fi hotspot will actually send your password in clear over the air within an area of 26,576.97 m² (the maximum range of a Wi-Fi hotspot being 92 m indoors).

[GIF: this packet is afraid of being intercepted 🤠]

Did you know?

There is actually no control to know who is who on a Wi-Fi network. For instance, if I deauthenticate you from your Wi-Fi router and sneak to your doorstep to turn on a fake access point with the same name as your real access point, there is no way for you to say “Oh, there’s a bad guy at my doorstep performing a traffic redirection”. You will simply give me all your data, including all your passwords, thinking that it’s your usual connection.
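How a network owner can spot the two behaviours described above (the deauthentication flood and the look-alike access point), as an added example that is not part of the original post: a Python detector run over constructed monitoring events. The event format, the `known_aps` inventory, the thresholds and all addresses are assumptions made for the illustration.

```python
from collections import defaultdict, deque

def detect(events, known_aps, deauth_threshold=10, window_s=5.0, link_s=60.0):
    """events: (time_s, kind, ssid, bssid) with kind 'beacon' or 'deauth'.
    known_aps: SSID -> set of BSSIDs the defender actually operates."""
    ssid_of = {b: s for s, bssids in known_aps.items() for b in bssids}
    recent = defaultdict(deque)   # BSSID -> timestamps of recent deauth frames
    last_burst = {}               # SSID -> time its real AP was last flooded
    reported, alerts = set(), []
    for t, kind, ssid, bssid in sorted(events, key=lambda e: e[0]):
        if kind == "deauth":
            q = recent[bssid]
            q.append(t)
            while t - q[0] > window_s:      # keep only the sliding window
                q.popleft()
            if len(q) >= deauth_threshold:
                if bssid in ssid_of:
                    last_burst[ssid_of[bssid]] = t
                if ("burst", bssid) not in reported:   # one alert per BSSID
                    reported.add(("burst", bssid))
                    alerts.append(("deauth_burst", bssid, t))
        elif kind == "beacon" and ssid in known_aps:
            if bssid in known_aps[ssid] or ("rogue", bssid) in reported:
                continue
            reported.add(("rogue", bssid))
            # Same name, unknown radio: stronger signal right after a flood
            linked = ssid in last_burst and t - last_burst[ssid] <= link_s
            alerts.append(("evil_twin_likely" if linked else "unknown_bssid", bssid, t))
    return alerts

# Constructed sample data: inventory of real APs and a short event timeline
KNOWN_APS = {"HomeNet": {"00:00:5e:00:53:01"}, "OfficeNet": {"00:00:5e:00:53:02"}}
SAMPLE_EVENTS = (
    [(0.0, "beacon", "HomeNet", "00:00:5e:00:53:01"),
     (3.0, "beacon", "OfficeNet", "02:00:5e:00:53:77"),
     (4.0, "beacon", "CafeGuest", "02:00:5e:00:53:88"),
     (15.0, "beacon", "HomeNet", "02:00:5e:00:53:99")]
    + [(10.0 + i * 0.25, "deauth", "", "00:00:5e:00:53:01") for i in range(12)]
)
```

An unknown BSSID on its own is reported at lower confidence because a legitimately added access point looks the same until the inventory is updated.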

Did you know?

There is still a significant number of Wi-Fi networks under WEP in the world. For example, in 2015, 36.5% of Wi-Fi networks in Paris could be accessed without any password, and no less than 61.5% of Wi-Fi networks were password protected but used a poor encryption method such as, to pick one totally at random: WEP. The study was carried out on “Avenue de l’Opera”, along the Seine and up to Notre-Dame de Paris, where 7,523 Wi-Fi networks belonging to hotels, cafés, offices and private residences were identified.

[GIF: don’t even think about getting free WI-FI!! 🤠]

Did you know?

Since August 2010, boxes for less than €5 that work without human intervention automatically search for WEP connections 1 km away, decode them and thus provide a free Internet connection to any computer connected to them, regardless of the operating system. By extension, they also make it possible to listen to the network in order to capture all the passwords that circulate on it. All as anonymous as it is illegal.

Did you know?

China has its own national standard to replace WPA named WAPI for WLAN Authentication Privacy Infrastructure.

[GIF: this country will never stop surprising me 🤔]

Did you know?

Although WPA3 is supposed to have been operational since January 2019, its key feature, called OWE for “Opportunistic Wireless Encryption”, is still unavailable. If this feature were available, it would make the example of the Minecraft FTP connection over the hotel Wi-Fi simply impossible, even if, according to Wikipedia, an attack of this kind is still possible even with OWE. Well, WPA3 remains a colander, a modern colander certainly, but a colander anyway!

Verdict

For better or for worse, Wi-Fi is ubiquitous today, and although it’s quite practical and effective in terms of speed, Wi-Fi is anything but privacy-friendly.

In my opinion, there is far too little quality in what the user gets in the end. We keep deploying more Wi-Fi hotspots, ever more powerful, ever more practical, but without solving the real problems they pose. I’ll say it right away: don’t think I’m holed up in my cave with a foil hat, screaming “BIG BROTHER IS WATCHING ME” all the time!

I’m the first to use Wi-Fi in hotels or at McDonald’s, between two French fries with ketchup, to watch YouTube poop videos. However, I think that Wi-Fi’s problems are a bit like iPhones: we always add new innovative features and make sure to fully exploit the potential of the device without solving problem #1, which could break everything: the battery with iPhones, and privacy, which is even more important.

Voilà! I hope you enjoyed this article; do not hesitate to form your own opinion on the subject and comment. We don’t change good habits: send the link to this article to your friends or your colleagues; it’s very important if you want the site to grow. I’ll see you soon for a new article!

Until then, stay safe, stay well and stay strong!

Because I’m not all-knowing

https://fr.wikipedia.org/wiki/Wi-Fi
https://fr.wikipedia.org/wiki/Wi-Fi_Protected_Access
https://fr.wikipedia.org/wiki/Institute_of_Electrical_and_Electronics_Engineers
https://www.journaldugeek.com/2015/07/29/etude-a-paris-365-des-reseaux-wi-fi-sont-accessibles-sans-aucun-mot-de-passe/